{"id":"MGASA-2025-0156","summary":"Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities","details":"Better TLS connection support. (CVE-2025-21587)\nImprove compiler transformations. (CVE-2025-30691)\nEnhance Buffered Image handling. (CVE-2025-30698)\nThe updated timezone data are needed by the new Java packages.\n","modified":"2026-02-04T02:49:13.432593Z","published":"2025-05-13T20:56:43Z","related":["CVE-2025-21587","CVE-2025-30691","CVE-2025-30698"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0156.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34206"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2025:3845"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2025:3850"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2025:3853"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2025:3856"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixJAVA"}],"affected":[{"package":{"name":"timezone","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/timezone?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2025a-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0156.json"}},{"package":{"name":"java-1.8.0-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-1.8.0-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.0.452.b09-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0156.json"}},{"package":{"name":"java-11-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-11-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.27.0.6-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0156.json"}},{"package":{"name":"java-17-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-17-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.0.15.0.6-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0156.json"}},{"package":{"name":"java-latest-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-latest-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.1.0.9-1.rolling.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0156.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}